[PATCH 00/17] KEYS: PKCS#7 and PE file signature checking for kexec

Borislav Petkov bp at alien8.de
Wed Jul 9 09:03:49 PDT 2014

Hi David,

On Wed, Jul 09, 2014 at 04:15:25PM +0100, David Howells wrote:
> David Howells (16):
>       X.509: Add bits needed for PKCS#7
>       X.509: Export certificate parse and free functions
>       PKCS#7: Implement a parser [RFC 2315]
>       PKCS#7: Digest the data in a signed-data message
>       PKCS#7: Find the right key in the PKCS#7 key list and verify the signature
>       PKCS#7: Verify internal certificate chain
>       PKCS#7: Find intersection between PKCS#7 message and known, trusted keys
>       PKCS#7: Provide a key type for testing PKCS#7
>       KEYS: X.509: Fix a spelling mistake
>       Provide PE binary definitions
>       pefile: Parse a PE binary to find a key and a signature contained therein
>       pefile: Strip the wrapper off of the cert data block
>       pefile: Parse the presumed PKCS#7 content of the certificate blob
>       pefile: Parse the "Microsoft individual code signing" data blob
>       pefile: Digest the PE binary and compare to the PKCS#7 data
>       pefile: Validate PKCS#7 trust chain
> Vivek Goyal (1):
>       pefile: Handle pesign using the wrong OID

let me see if I get this straight:

this current submission is supposed to replace


and Vivek's one:


(which added those parsers to arch/x86/kernel/ - not a good place anyway.)


The kexec bits with the sig verif will come on top, it seems. What's the
story, guys?



